The aviation industry largely depends on the reliable functioning of critical information technology infrastructure. Like many other industries, the aviation industry is challenged with providing adequate security for such IT infrastructure and mitigating the effects of any cyber events. Examples of cyber events include malicious or suspicious events that compromise, or attempt to compromise, the operation of an aircraft's network, including its data connections and computing systems. These cyber event mitigation efforts require detection and response both during and after the cyber event.
In order to detect when cyber events occur, there is a need for assessing in real-time the cyber health of the aircraft and the air-traffic related computing and network environment. However, prior art solutions for aircraft cyber intelligence require complex algorithms and computing power which is not available on board while the aircraft is in flight. Also, it is not feasible for the aircraft to send all cyber log data to the ground because of the associated cost given the offboard bandwidth limitations. Furthermore, using prior art cyber analytics techniques, which analyze in depth and display each feature of cyber assessment in a separate display, it would take hundreds of graphs to graphically display cyber data for the more than 2000 airplanes that are in flight over the United States at any given time. Lastly, the traffic from the aircraft to the ground is encrypted and, in order to decrypt the traffic with the keys used for on-board systems, traffic performance can be negatively impacted. This makes it undesirable to decrypt the traffic in real time, which is required for logging traffic for proper cyber event inspection.
Thus, it is desirable to have an improved system and method for assessing and displaying in real time the cyber health of an aircraft while in flight.